On December 29, 2012, Microsoft released Security Advisory 2794220 which disclosed a vulnerability in Internet Explorer (IE) 6, 7, and 8.

The Microsoft Security Response Center says:

We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.